2. The Nimbus Ninjas Team
Tushar Tambay: VP Engineering. High Brandon Wong: Student Instructor and
Cloud Security. Researcher, University of California,
Berkeley
MBA candidate at Haas School of
Business, University of Masters Student in Civil Systems
California, Berkeley. Engineering
Background: Operating Background: Introduction to
Systems, Enterprise Storage Programming Student Instructor,
Systems, File Systems, Enterprise Floating Sensor Control Developer, Tree
Security. Sap Flow Measurement Developer
Nitin Nagpal: Engineering Manager, NetApp Andy Yao: Principal Product
Manager, Oracle
MBA candidate at Haas School of
Business, University of California, Berkeley. MBA candidate at Haas School of
Business, University of
Background: Enterprise storage and California, Berkeley.
security, Backup/Archive solutions, Storage
Security Solutions, Secondary Storage Background: Enterprise software
Solutions and Storage File system R&D, Sales and marketing.
Engineering.
Ben Dahl, Pelion Ventures
3. Our Beginning
Target customer • Firms moving to public clouds
Problem • Keep applications and data secure in the Cloud
4. BUSINESS MODEL – Week 1
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Key Resources Channel
Cost Structure Revenue
6. First Pivot
Feedback After
Protect data stored
Help firms secure Cloud == Cloud Storage with
cloud based servers Cloud_Storage : Convenient but insecure Box, Dropbox, Cloud
Drive etc..
Before
7. BUSINESS MODEL – Week 3
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Cloud Infrastructure
Providers
Rent storage+mgmt
Prototype product but own your data Enterprise Cloud
Infrastructure Users
Outreach to security High degree of
conscious customers trust & confidence
IaaS, PaaS
Securely shred data.
Product evaluation Avoid provider lock-in
Cloud Storage
Providers
Key Resources Provide secure storage Channel
mgmt service to Cloud Storage Users
Open source customers (Enterprises)
community St.aaS, IaaS
Providers Cloud Storage Users
Indemnify against (consumer)
IP
content liability
Personnel
Direct
Cost Structure Revenue
R&D costs
Support costs
Marketing costs S/W license
8. Second Pivot
Feedback After
Several startups already targeting this
Help consumers space • Focus on securing
and firms secure Applications
their data on • Target Cloud
Box, Dropbox etc. Service Providers
instead of users
Before
9. BUSINESS MODEL – Week 4
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
St.aaS Providers
Ex. Varinsic, Box
Rent
Prototype product St.aaS Users –
infrastructure, ow High degree of
n your data SMB+Ent
Outreach to security trust & Ex. Box users
conscious customers confidence
IaaS, PaaS
Securely shred
Product evaluation data. Avoid IaaS Providers
Ex. Enki, Varinsic, Savvis
provider lock-in.
Key Resources Channel IaaS Users (SMB+
Open source Provide secure Ent.)
Direct Ex. HealthcareStartups, LeagalFirms,
community infrastructure
service to
customers St.aaS User
IP IaaS Providers Consumers
Ex. Dropbox, AMZN clouddrive users
Indemnify against
Personnel
content liability
Cloud Service
Content Mgmt ???
Integrators (Dell)
Cost Structure Revenue
R&D costs Price Per server
Price Per VM
Support costs encrypted
encrypted
Marketing costs
11. • Our Space • Crowded Space
• Security requirement is ubiquitous • Very competitive
• New find • Cost Benefits
• Provide easy migration • Misconception and Security Awareness
and integration services
Individual
Consultants
13. BUSINESS MODEL – Week 5
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Establish credibility as
Secure your security experts
• Establish relationships applications in public
Short term :- with CSPs & Integrators cloud
• Open source • Prototype product for Work with CSPs to help
community POC. Validate workflow. distinguishing their IaaS Cloud Providers
• IaaS CSPs • Product R & D offering (CSPs)
• Cloud Integrators • CSP Integration Meet • Provide server & application
Educate Integrators about hosting platforms
Compliance, HIPAA, P our product • Ex. FireHost, ENKI, Savvis
Long term :- CI-DSS requirements
• TPM Vendors (Trusted SaaS provider using IaaS
Platform Module) Attract security conscious • Use public IaaS Clouds to
• SaaS Application Key Resources customers that would
Channel provide internet based service
developers otherwise stay away • Ex. HealthMetricSystems
Direct
Enterprises using IaaS
Securely shred data in • Use private + public IaaS
public cloud IaaS CSPs clouds for internal IT
IP services
• Ex. Legal, Financial firms
Indemnify against
Personnel content liability Cloud integrators
• DELL, BinaryWkshp, etc.
Avoid provider lock-in SEO
Cost Structure Revenue
R&D costs
Support costs
Price Per VM
Marketing costs
encrypted
15. Modification to our offering
Feedback After
Helps firms keep CSP: “80% of our customers
application on won't know how to manage Key Management
cloud secure keys. so possibility of key platform hosted by CSP
hostings”
Before
16. BUSINESS MODEL – Week 6
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
• Establish relationships Establish credibility as
with CSPs & Integrators Secure your data and
applications in public security experts
• Prototype product for
POC. Validate workflow. cloud IaaS Cloud Providers
Short term :- (CSPs)
• Open source community • Product R & D Work with CSPs to help
Securely shred data. • Provide server & application
• IaaS CSPs • CSP Integration distinguishing their hosting platforms
• Educate Integrators about Avoid vendor lockin.
• Cloud Integrators offering • Ex. FireHost, ENKI, Savvis
our product
• Industry Experts • Testimonials / Referrals
• Vulnerability from industry experts
SaaS provider using IaaS
assessment, Threat • Use public IaaS Clouds to
detection vendors. Meet Compliance reqs. provide internet based service
Key Resources Channel
• Ex. HealthMetricSystems
Long term :-
• TPM Vendors (Trusted Direct
Platform Module) Attract security conscious
Enterprises using IaaS
• SaaS Application customers • Use private + public IaaS
developers IaaS CSPs clouds for internal IT
IP Indemnify against content services
liability • Ex. Legal, Financial firms
Personnel Cloud integrators
• DELL, BinaryWkshp, etc.
Key Mgmt Services SEO
Cost Structure Revenue
R&D costs
Support costs • Price Per encrypted VM per year
Marketing costs • Price per encrypted application
instance per year
17. Week 7: Revenue Structure
Cloud Service Providers NimbusNinjas
Price Per
VM
Price Per
Application
• CSPs charge customers by resources consumed
• Nimbus Ninjas: $$ per VM per month
18. Revenue Map
SaaS providers Enterprises using
using IaaS Cloud Applications
$XX / VM / Month $XX / VM / Month
Cloud Service Providers Cloud Integrators
$XX / Month
$25 / VM / Month $25 / VM / Month
$20 / VM / Month $20 / VM / Month
Nimbus
Ninjas
19. BUSINESS MODEL – Week 7
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
• Establish relationships with • Secure your data and
CSPs & Integrators applications in public
Establish credibility
• Prototype product for POC. cloud as security experts
Short term :- Validate workflow. • Securely shred data in
• Product R & D
IaaS Cloud Providers
• Open source community public cloud
• CSP Integration • Avoid provider lock-in
(CSPs)
• IaaS CSPs Work with CSPs to help
• Educate Integrators about • Key Mgmt Services distinguishing their
• Cloud Integrators our product • Provide server & application
offering hosting platforms
• Testimonials / Referrals • Secure your data and • Ex. FireHost, ENKI, Savvis
• Industry Experts from industry experts applications in public
• Vulnerability cloud
assessment, Threat • Securely shred data in SaaS provider using
detection vendors. Key Resources public cloud IaaS
• Avoid provider lock-in Channel
Long term :- • Key Mgmt Services Target: HealthCare,
• Meet Compliance Financial and Legal SaaS
• TPM Vendors (Trusted
Platform Module) Direct providers
• SaaS Application • Intellectual Property • Meet
developers • Personnel Compliance, HIPAA, PCI- Enterprises using
DSS requirements Cloud Applications
• Attract security-sensitive • IaaS CSPs
customers Target:
• Indemnify against content • Cloud Integrators HealthCare, Financial and
liability Legal firms
• SEO
Cost Structure Revenue
• R&D costs • Price Per encrypted VM per month
• Price per encrypted application instance
• Support costs per month
• Marketing costs • Price per managed-key transactions?
20. Week 8: Public Cloud vs. Private Cloud
vs.
Lessons Learned
• ‘Large Enterprises : Public clouds do not make economic sense (yet!)
Explore encryption / key management for private clouds
• Interesting use case of our technology :
S/W licensing for VMs
21. BUSINESS MODEL – Week 8
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
29 45 45 24 65
• Secure your data and
• Establish relationships applications in public Establish credibility as
with CSPs & Integrators cloud security experts
Short term :- • Prototype product for • Securely shred data in
IaaS Cloud Providers
• Open source community POC. Validate workflow. public cloud
• Avoid provider lock-in
(CSPs)
• IaaS CSPs • Product R & D
• Cloud Integrators • CSP Integration • Key Mgmt Services
• Provide server & application
• Educate Integrators hosting platforms
• Secure your data and Work with CSPs to help
• Industry Experts about our product • Ex. FireHost, ENKI, Savvis
applications in public distinguishing their
• Vulnerability • Testimonials / Referrals
cloud offering
assessment, Threat from industry experts • Securely shred data in SaaS provider using
detection vendors.
Key Resources public cloud IaaS
• Avoid provider lock-in Channel
Long term : 4
• Key Mgmt Services 29 Target: HealthCare,
• Meet Compliance Financial and Legal SaaS
• TPM Vendors (Trusted providers
Platform Module) Direct
• Intellectual Property • Meet
• Personnel Compliance, HIPAA, PCI- Enterprises using
• SaaS Application DSS requirements Cloud Applications
developers • Attract security-sensitive • IaaS CSPs
customers Target:
• Infrastructure Insurers • Indemnify against content • Cloud Integrators HealthCare, Financial and
liability Legal firms
• SEO
Cost Structure Revenue
4 3
• R&D costs
• Price Per encrypted VM per month
• Support costs • Price Per server encrypted
Price per encrypted application
• Marketing and Sales costs instance per month
• Price per managed-key transactions?
22. Summary of LESSONS LEARNED
• Locate prospective customers:
• Conferences are fantastic places to meet prospects
• Stay focused:
• Bad idea to address multiple market opportunities at the same
time
• Test hypothesis:
• Talking to A LARGE NUMBER of customers is key
• Lean Launchpad:
• Getting yelled at by Steve : Not a bad thing !